
fix: do not inject GIT_USERNAME and GIT_PASSWORD into git clone URL #141

Merged: 5 commits merged into main from cj/git-config-dont-leak-creds on Apr 25, 2024

Conversation

@johnstcn (Member) commented Apr 24, 2024

Fixes #126

We had been writing the GIT_USERNAME and GIT_PASSWORD into the git auth URL as well as setting basic HTTP auth credentials.
This causes GIT_USERNAME and GIT_PASSWORD to be present in the .git/config of the cloned repo, which is not desirable.
This PR removes that behaviour and modifies existing unit tests to assert that the git clone URL is not modified from what the user passes in.

The previous behaviour can be preserved by explicitly setting basic auth in the git clone URL, if required.
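As an added illustration of the problem the PR fixes (this is not envbuilder's code; every identifier, the gitlab.example.com URL and the oauth2/hunter2 credential pair are constructed for the example), the Go program below contrasts the two approaches: embedding the credentials in the clone URL, which leaks them into anything that persists that URL such as a remote's url entry in .git/config, versus sending them only in the Authorization header of each request while the URL stays exactly as the user passed it. It also includes a small check a defender can run over stored remote URLs to detect embedded passwords, and a basic-auth-checking test server in the spirit of the checkBasicAuth middleware in the PR's tests.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// All identifiers below are illustrative assumptions, not envbuilder's own code.

// embedCredentials reproduces the pre-fix behaviour: the username and
// password are written into the URL's userinfo. Anything that persists this
// URL (such as a remote's url in .git/config) then persists the secret.
func embedCredentials(rawURL, user, pass string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	u.User = url.UserPassword(user, pass)
	return u.String(), nil
}

// urlHasCredentials is a detection check for a stored remote URL (for
// example one read back from .git/config): true when userinfo carries a
// password.
func urlHasCredentials(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || u.User == nil {
		return false
	}
	_, hasPass := u.User.Password()
	return hasPass
}

// basicAuthTransport is the post-fix approach: credentials travel only in
// the Authorization header of each request, and the URL is left untouched.
type basicAuthTransport struct {
	user, pass string
	next       http.RoundTripper
}

func (t *basicAuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	r.SetBasicAuth(t.user, t.pass)
	return t.next.RoundTrip(r)
}

// requireBasicAuth is test middleware in the spirit of the PR's
// checkBasicAuth: reject requests whose basic auth does not match.
func requireBasicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || u != user || p != pass {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// fetchWithHeaderAuth stands up a server that demands serverUser/serverPass,
// then requests a constructed clone URL through basicAuthTransport using
// clientUser/clientPass. It returns the HTTP status and the exact URL the
// client used, so the caller can confirm the secret never entered the URL.
func fetchWithHeaderAuth(serverUser, serverPass, clientUser, clientPass string) (int, string, error) {
	srv := httptest.NewServer(requireBasicAuth(serverUser, serverPass,
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			_, _ = io.WriteString(w, "ok")
		})))
	defer srv.Close()

	cloneURL := srv.URL + "/group/repo.git" // constructed sample path; never modified
	client := &http.Client{Transport: &basicAuthTransport{
		user: clientUser, pass: clientPass, next: http.DefaultTransport,
	}}
	resp, err := client.Get(cloneURL)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	_, _ = io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, cloneURL, nil
}

func main() {
	// Constructed sample values; "oauth2" mirrors the token-style username in the linked issue.
	leaky, _ := embedCredentials("https://gitlab.example.com/group/repo.git", "oauth2", "hunter2")
	fmt.Println("pre-fix URL:", leaky, "| leaks credentials:", urlHasCredentials(leaky))

	status, used, err := fetchWithHeaderAuth("oauth2", "hunter2", "oauth2", "hunter2")
	fmt.Println("post-fix status:", status, "| URL used:", used,
		"| leaks credentials:", urlHasCredentials(used), "| err:", err)
}
```

Running the program prints the pre-fix URL with the password visible in its userinfo, then a 200 from the authenticating server reached with an unmodified URL. The urlHasCredentials check is the piece worth keeping around: run it over the url entries of a clone's .git/config after a build to confirm that no injected credential survived on disk.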

@johnstcn johnstcn self-assigned this Apr 24, 2024
}
srv := httptest.NewServer(opts.authMW(createGitHandler(t, opts)))
return srv.URL
}

func checkBasicAuth(username, password string) func(http.Handler) http.Handler {
Member Author:

review: moved to gittest

Member:

is it intended to be used anywhere else in envbuilder? I'm considering moving it to integration/gittest.go

Ok, I found the place. Speaking of consistency with coder/coder that should land in testutil.

Member Author:

Will do in a follow-up PR 👍

"github.com/stretchr/testify/require"
)

func TestCloneRepo(t *testing.T) {
t.Parallel()

t.Run("Clones", func(t *testing.T) {
t.Parallel()
for _, tc := range []struct {
@johnstcn johnstcn marked this pull request as ready for review April 24, 2024 16:49
@johnstcn johnstcn changed the title fix: do not inject git credentials into git clone URL fix: do not inject GIT_USERNAME and GIT_PASSWORD into git clone URL Apr 24, 2024

return string(content)
}

func setupGit(t *testing.T, user, pass string) (url string) {
Member:

What about moving this to gittest?

Member Author:

I'll open a a separate PR to refactor this 👍

@mtojek (Member) left a review comment:

Thanks for addressing the comments so quickly!

@johnstcn johnstcn merged commit 95ae2f0 into main Apr 25, 2024
2 checks passed
@johnstcn johnstcn deleted the cj/git-config-dont-leak-creds branch April 25, 2024 08:12
Successfully merging this pull request may close these issues.

Gitlab oauth2:token being written to .git/config file after cloning
3 participants